Audio masking is portable RF shielding’s missing ingredient
In recent years, the Department of Defense has made a number of efforts to tackle the problems presented by personnel using mobile devices. In 2018, the DOD restricted smartphone usage within secure spaces at the Pentagon -- carving out an exception for government-issued devices with the cameras and microphones removed -- and banned active-duty military from using mobile apps that tap GPS. From a distance, these moves may have seemed like overreactions.
Yet the Pentagon knew that any smartphone, when targeted by a threat actor of the nation-state variety, can be turned against its user and repurposed not just as a real-time location tracker but as a spying and eavesdropping device. Seen in this light, the department’s struggles to strike a workable balance between the utility and security risks of mobile devices are understandable, especially given the critical nature of DOD operations.
On the location front, it’s important to understand that location tracking is essentially baked into cellular connectivity, as cellular providers need to know where a device is located in order to deliver calls, texts and data. In the United States, cellular providers sell access to their customers’ locations to companies called location aggregators, who in turn sell that data to any number of clients, potentially even to nation-state actors posing as legitimate companies. On top of that, thanks to security gaps in the SS7 network used by carriers to communicate with one another when directing cell services, tracking systems have been built that enable access to carrier location databases.
Long story short, even without any data-hungry, GPS-centric apps on their smartphone, a user is subject to location tracking. On its own, location data can spotlight sensitive locations (like a secret military base), reveal user patterns (such as troop movements) and even bring to light blackmailable behaviors (perhaps a penchant for visiting areas associated with illegal activity).
Because smartphone location is tied to cellular, GPS, Wi-Fi, Bluetooth and potentially even the device’s motion sensors, there’s no surefire way users can shield their location other than turning off the phone. Powering down, however, presents its own problems. Critically, doing so sends a signal to the cell network, and this can serve as a clue for malicious actors, perhaps tipping them off that the target is in a strategic location or engaged in sensitive work.
To fight illicit location monitoring without needing to turn off devices, users have a tool at their disposal: the portable Faraday case. This type of device is designed to prevent location tracking when the smartphone is not in use by blocking RF connections to cell towers and GPS satellites and shielding other wireless signals. Faraday cases also provide protection against IMSI catchers and other wireless threats.
Unfortunately, many of the common, fabric-based Faraday bag solutions don’t meet the requirements of those who really want to stop RF signals, given the high sensitivity of cellular and other receivers in the phone.
A side benefit to portable Faraday cases is that the smartphone’s cameras are rendered useless when enclosed within the case. However, the same can’t be said for the device’s microphones. If infected with spyware, the encased smartphone can still be used as an audio recorder, with data uploaded to the attacker’s command-and-control server once a connection has been reestablished. Such audio clips can reveal important conversations and provide clues about the user’s operating environment, relationships and even emotions and health conditions.
To close this security gap, agencies are turning to devices that combine high-performance, portable RF shielding with audio masking. Independent noise signals can be pumped into the internal chamber of the Faraday case to hide conversations and other audio data in the device’s vicinity from the enclosed smartphone’s microphones.
This unique configuration of signal shielding, audio masking and visual blocking effectively recreates the conditions of a sensitive compartmented information facility for a single mobile device. A SCIF typically uses RF shielding technologies and noise dampening or noise speakers to prevent the emanation of electronic, audio and visual signals. Such facilities are located within secure government buildings like the Pentagon, in the homes of senior officials and even on the battlefield.
With the capability set of a SCIF now available at the device level, DOD personnel and security-conscious organizations throughout the federal government can achieve unprecedented control over their untrusted commercial mobile devices and actively deny opportunities for harmful data capture and monitoring
There are a number of powerful use cases resulting from this newfound control. In the office, individual cases can replace the device storage lockers outside of secure spaces, with the bonus that personnel never have to leave their devices out of sight. On the road, they can create a ready-made security bubble for those commuting to work or traveling in an official capacity. And on the battlefield, these cases can replace the need for a full SCIF in situations requiring nimbleness or provide RF camouflage to prevent the adversary from targeting RF emissions.
Throughout the world, smartphones are playing an increasingly large role in cyber conflicts and intelligence operations. Ultimately, those who can best utilize mobile devices without falling prey to their security pitfalls will have an enormous strategic advantage. Combining RF shielding and audio masking at the device level is a significant new approach for achieving this balance.
Mike Fong is the founder and CEO of Privoro.